From owner-cvs-all@FreeBSD.ORG Mon Feb 23 11:16:17 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E4A2216A4CE; Mon, 23 Feb 2004 11:16:17 -0800 (PST) Received: from kientzle.com (h-66-166-149-50.SNVACAID.covad.net [66.166.149.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6495643D1F; Mon, 23 Feb 2004 11:16:17 -0800 (PST) (envelope-from tim@kientzle.com) Received: from kientzle.com (54.kientzle.com [66.166.149.54] (may be forged)) by kientzle.com (8.12.9/8.12.9) with ESMTP id i1NJBwkX093611; Mon, 23 Feb 2004 11:11:58 -0800 (PST) (envelope-from tim@kientzle.com) Message-ID: <403A507E.4010403@kientzle.com> Date: Mon, 23 Feb 2004 11:11:58 -0800 From: Tim Kientzle User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20031006 X-Accept-Language: en-us, en MIME-Version: 1.0 To: kientzle@acm.org References: <200402221003.i1MA3PW0024791@repoman.freebsd.org> <403944D8.6050107@kientzle.com> <20040223025647.GA43467@VARK.homeunix.com> <40397824.3080607@kientzle.com> <20040223052110.GA58255@VARK.homeunix.com> <40399858.8060506@kientzle.com> <20040223075448.GA59307@VARK.homeunix.com> <403A4730.80302@kientzle.com> In-Reply-To: <403A4730.80302@kientzle.com> Content-Type: multipart/mixed; boundary="------------050400070903000604060405" cc: cvs-src@FreeBSD.org cc: David Schultz cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org cc: Colin Percival Subject: Re: login -p X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: kientzle@acm.org List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2004 19:16:18 -0000 This is a multi-part message in MIME format. --------------050400070903000604060405 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Tim Kientzle wrote: > > The attached patch implements this suggestion. > I just copied "chshell" from su (shouldn't some version > of this be in libc?) and made the obvious change. Patch file now uses the shiny -u flag for improved readability! Tim --------------050400070903000604060405 Content-Type: text/plain; name="kientzle-login.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="kientzle-login.diff" Index: login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.98 diff -u -r1.98 login.c --- login.c 26 Jan 2004 20:04:47 -0000 1.98 +++ login.c 23 Feb 2004 19:07:17 -0000 @@ -84,6 +84,7 @@ static int auth_pam(void); static void bail(int, int); +static int chshell(const char *); static int export(const char *); static void export_pam_environment(void); static int motd(const char *); @@ -465,10 +466,12 @@ /* * Destroy environment unless user has requested its - * preservation - but preserve TERM in all cases + * preservation or the user has a non-standard shell. In + * particular, this prevents environment-poisoning exploits + * against nologin scripts. Preserve TERM in all cases. */ term = getenv("TERM"); - if (!pflag) + if (!pflag || !chshell(shell)) environ = envinit; if (term != NULL) setenv("TERM", term, 0); @@ -933,4 +936,22 @@ pam_cleanup(); (void)sleep(sec); exit(eval); +} + +/* + * Return TRUE if the shell is a "standard" shell. + * (That is, one listed in /etc/shells.) + */ +static int +chshell(const char *sh) +{ + int r; + const char *cp; + + r = 0; + setusershell(); + while ((cp = getusershell()) != NULL && !r) + r = (strcmp(cp, sh) == 0); + endusershell(); + return r; } --------------050400070903000604060405--